[jira] [Updated] (HDDS-5556) GrpcReplication Client may fail in SCM HA Cluster

Sun, 08 Aug 2021 23:25:10 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-5556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bharat Viswanadham updated HDDS-5556:
-------------------------------------
    Description: 
Scenario:
1. DN1 got cert from SCM1
2.  DN2 got cert from SCM2
3. DN3 got cert from SCM3
4. DN4 got cert from SCM3

And now one of the closed container is under replicated due to DN3 faiilure, 
and DN4 is choose for replication it will fail during  secure channel setup.

{code:java}
 sslContextBuilder
            .trustManager(certClient.getCACertificate)
            .clientAuth(ClientAuth.REQUIRE)
            .keyManager(certClient.getPrivateKey(),
                certClient.getCertificate()); 
{code}


In SCM HA kind of setup we should pass for truststore all the CA certs to setup 
a secure channel.



  was:
Scenario:
1. DN1 got cert from SCM1
2.  DN2 got cert from SCM2
3. DN3 got cert from SCM3
4. DN4 got cert from SCM3

And now one of the closed container is under replicated due to DN3 faiilure, 
and DN4 is choose for replication it will fail during       

{code:java}
 sslContextBuilder
            .trustManager(certClient.getCACertificate)
            .clientAuth(ClientAuth.REQUIRE)
            .keyManager(certClient.getPrivateKey(),
                certClient.getCertificate()); 
{code}


In SCM HA kind of setup we should pass for truststore all the CA certs to setup 
a secure channel.




> GrpcReplication Client may fail in SCM HA Cluster
> -------------------------------------------------
>
>                 Key: HDDS-5556
>                 URL: https://issues.apache.org/jira/browse/HDDS-5556
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: Ozone Datanode
>            Reporter: Bharat Viswanadham
>            Assignee: Vivek Ratnavel Subramanian
>            Priority: Blocker
>
> Scenario:
> 1. DN1 got cert from SCM1
> 2.  DN2 got cert from SCM2
> 3. DN3 got cert from SCM3
> 4. DN4 got cert from SCM3
> And now one of the closed container is under replicated due to DN3 faiilure, 
> and DN4 is choose for replication it will fail during  secure channel setup.
> {code:java}
>  sslContextBuilder
>             .trustManager(certClient.getCACertificate)
>             .clientAuth(ClientAuth.REQUIRE)
>             .keyManager(certClient.getPrivateKey(),
>                 certClient.getCertificate()); 
> {code}
> In SCM HA kind of setup we should pass for truststore all the CA certs to 
> setup a secure channel.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to